1. Field of the Invention
The present invention relates generally to a computer implemented method, a data processing system, and a computer program product. More specifically, the present invention relates to the management of a set of federated logins.
2. Background Description
Control of access to web applications and resources is required to allow customers, partners and employees to access needed resources while effectively preventing unauthorized access to those same resources. However, user databases and access policies are often disjointed, requiring users and administrators to jump through many login hoops before accessing the needed resources.
Federated Identity Management effectively solves many of these access problems. Local applications with their own identification standards can provide remote applications with security assertions containing user attributes. When an unregistered user seeks access to a resource within a certain security context, the local applications can search other federated repositories to authenticate that user.
However, a Federated Identification System introduces several additional problems. Federated single sign-on environments introduce privacy issues for a user whose only method of authentication to a website is via a tightly coupled federation relationship, i.e., the relationship between the identity provider and the service provider. The identity provider in these relationships has the ability to track when a user visits a particular service provider. Additionally, if the infrastructure or provider of one authentication technique is offline, a user has no recourse for logging into the same account. Finally, a user may have different types of user-agent devices such as mobile telephones, personal digital assistants, and internet browsers. Any one of these devices may support only a subset of authentication credential protocols. Thus, a user is often forced to maintain a variety of accounts in order to access each of the needed services.